/*
    SUSAN® - Sole of Unix Save ANything

   
      Copyright (C) 2011-2016 Skyatlas Co. LTD

   

   
*/

/* clang-format off */

/**
 * Common TLS-Settings for both (Certificate and PSK).
 */
#define TLS_COMMON_CONFIG(res) \
  { "TlsAuthenticate", CFG_TYPE_BOOL, ITEM(res, authenticate_), 0, CFG_ITEM_DEFAULT, "false", \
     NULL, "Use TLS only to authenticate, not for encryption."}, \
  { "TlsEnable", CFG_TYPE_BOOL, ITEM(res, tls_enable_), 0, CFG_ITEM_DEFAULT, "true", \
     NULL, "Enable TLS support."}, \
  { "TlsRequire", CFG_TYPE_BOOL, ITEM(res, tls_require_), 0, CFG_ITEM_DEFAULT, "false", \
     NULL, "Without setting this to yes, Bareos can fall back to use unencrypted " \
     "connections. " \
     "Enabling this implicitly sets \"TLS Enable = yes\"."}, \
  { "TlsCipherList", CFG_TYPE_STDSTRDIR, ITEM(res, cipherlist_), 0, CFG_ITEM_PLATFORM_SPECIFIC, NULL, \
     NULL, "List of valid TLS Ciphers."}, \
  { "TlsDhFile", CFG_TYPE_STDSTRDIR, ITEM(res, tls_cert_.dhfile_), 0, 0, NULL, \
     NULL, "Path to PEM encoded Diffie-Hellman parameter file. " \
     "If this directive is specified, DH key exchange will be used for " \
     "the ephemeral keying, " \
     "allowing for forward secrecy of communications." }, \
  { "TlsProtocol", CFG_TYPE_STDSTR, ITEM(res, protocol_), 0, CFG_ITEM_PLATFORM_SPECIFIC, NULL, \
     "20.0.0-", "OpenSSL Configuration: Protocol"}

/*
 * TLS Settings for Certificate only
 */
#define TLS_CERT_CONFIG(res)                                                \
  { "TlsVerifyPeer",  CFG_TYPE_BOOL, ITEM(res, tls_cert_.verify_peer_), 0, CFG_ITEM_DEFAULT, "false", \
     NULL, "If disabled, all certificates signed by a known CA will be accepted. "  \
     "If enabled, the CN of a certificate must the Address or in the \"TLS "  \
     "Allowed CN\" list."}, \
  { "TlsCaCertificateFile", CFG_TYPE_STDSTRDIR, ITEM(res, tls_cert_.ca_certfile_), 0, 0, NULL, \
     NULL, "Path of a PEM encoded TLS CA certificate(s) file."}, \
  { "TlsCaCertificateDir", CFG_TYPE_STDSTRDIR, ITEM(res, tls_cert_.ca_certdir_), 0, 0, NULL, \
     NULL, "Path of a TLS CA certificate directory."}, \
  { "TlsCertificateRevocationList", CFG_TYPE_STDSTRDIR, ITEM(res, tls_cert_.crlfile_), 0, 0, NULL, \
     NULL, "Path of a Certificate Revocation List file."}, \
  { "TlsCertificate", CFG_TYPE_STDSTRDIR, ITEM(res, tls_cert_.certfile_), 0, 0, NULL, \
     NULL, "Path of a PEM encoded TLS certificate."}, \
  { "TlsKey", CFG_TYPE_STDSTRDIR, ITEM(res, tls_cert_.keyfile_), 0, 0, NULL, \
     NULL, "Path of a PEM encoded private key. It must correspond to the " \
     "specified \"TLS Certificate\"."}, \
  { "TlsAllowedCn", CFG_TYPE_STR_VECTOR, ITEM(res, tls_cert_.allowed_certificate_common_names_), 0, 0, NULL, \
     NULL, "\"Common Name\"s (CNs) of the allowed peer certificates." }


/* clang-format on */
